Posts

Showing posts from 2017

Windows 10 Administrative Templates - Installing on Windows Server 2008 R2

Couldn't figure this one out for a while...

There's a great guide on the TechNet Blog here: https://blogs.technet.microsoft.com/canitpro/2015/10/20/step-by-step-managing-windows-10-with-administrative-templates/

You will quite likely get the following error message when you go to edit or create a GPO:

This can be resolved by following this guide: https://support.microsoft.com/en-ie/help/3077013/microsoft.policies.sensors.windowslocationprovider-is-already-defined

Deeply nerdy Windows 10 and U2 observation

Was working on a load of PCs today whilst listening to U2 and I noticed that some of the new Windows 10 sounds are perfectly in key with some of U2's songs!  A few times they even chimed in at the same time.

Here's a few:
- "Windows User Account Control" works perfectly with U2's "New York"
- "Windows Background" works perfectly with U2's "I'll Go Crazy If I Don't Go Crazy Tonight"
- "Windows Log-off Sound" works perfectly with U2's "Until The End Of The World"

Disable Macros in MS Office

Disabling Macros in Excel 2010

Disabling Macros from running in MS Office is one of many important steps worth taking in order to keep your computer secure.

Please see here for details on how to do this: https://support.office.com/en-ie/article/Enable-or-disable-macros-in-Office-documents-7b4fdd2e-174f-47e2-9611-9efe4f860b12?ui=en-US&rs=en-IE&ad=IE

Petya ransomware/attack!

By now you may have heard of the Petya (or NotPetya) ransomware. This is yet another high-profile malware which has spread like wildfire, but it is only one in an increasing array of ransomware attacks that threaten IT systems all around the world.

As with WannaCry before, please, please, please be extra careful with the following:
- Email attachments – do you know the sender? Are you expecting an attachment from them? Does the attachment have an unusual name?
- Website links in emails or from other websites whose reputation you can’t be sure of

Those of you who are my customers will already have ESET Antivirus, Automatic Windows Updates, and won’t have Windows XP (especially vulnerable). However, this does not mean you can be in any way complacent.  This kind of infection is very hard to prevent and ultimately safety can be at the mercy of a user opening an infected attachment.

I advise doing the following as soon as you can:
- Backup, backup, backup!  To an external har

Protect your computer against Petya ransomware:

From ESET...

- Use reliable antimalware software: This is a basic but critical component. Just because it’s a server, and it has a firewall, does not mean it does not need antimalware. It does! Always install a reputable antimalware program and keep it updated.
- Make sure that you have all current Windows updates and patches installed
- Run ESET’s EternalBlue Vulnerability Checker to see whether your Windows machines are patched against EternalBlue exploit, and patch if necessary.
- For ESET Home Users: Perform a product update
- For ESET Business Users: Send an Update Task to all Client Workstations or update Endpoint Security or Endpoint Antivirus on your client workstations.

How to disable SMBv1

SMBv1 is an old network file system protocol and is used by EternalBlue, the former NSA hacking tool, to spread ransomware throughout networks.  Disabling it is advised but use with caution.

Windows 8, 10, and Server 2012:
- Open an administrator-level PowerShell window
- Type the following:
    Set-SmbServerConfiguration -EnableSMB1Protocol $false
- To confirm changes:
    Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

Windows XP, Vista, 7, and Server 2008 and 2008 R2:
- Open an administrator-level PowerShell window
- Type the following:
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
- Restart your PC

To disable SMB1 server and/or client via Group Policy: https://support.microsoft.com/en-za/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows
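To check the result on either family of Windows, here is an added example (not part of the original post) that reports the SMBv1 server state using whichever of the two methods above the machine supports. The function name Get-Smb1ServerState is made up for this example, and it assumes that a missing SMB1 registry value means the older-Windows default of SMBv1 enabled.

```powershell
# Added example: report whether the SMBv1 *server* is enabled on this machine.
# Get-Smb1ServerState is a hypothetical helper name, not a built-in cmdlet.
function Get-Smb1ServerState {
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # Windows 8 / Server 2012 and later: the SMB cmdlets are available.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        return New-Object PSObject -Property @{
            Computer    = $env:COMPUTERNAME
            Method      = 'Get-SmbServerConfiguration'
            SMB1Enabled = [bool]$cfg.EnableSMB1Protocol
        }
    }

    # Older Windows: read the SMB1 registry value set by Set-ItemProperty.
    # Assumption: if the value does not exist, SMBv1 is enabled (the default).
    # A value of 0 only takes effect after the restart mentioned in the steps.
    $item  = Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue
    $value = $item.SMB1
    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        Method      = 'Registry (LanmanServer\Parameters\SMB1)'
        SMB1Enabled = ($null -eq $value) -or ($value -ne 0)
    }
}

$state = Get-Smb1ServerState
$state | Format-List Computer, Method, SMB1Enabled

if ($state.SMB1Enabled) {
    Write-Warning "SMBv1 server is still enabled on $($state.Computer)"
}
```

Run it from an administrator-level PowerShell window, as Get-SmbServerConfiguration needs elevation.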

Am I wrong to think that it might be more appropriate to save our ire for #ShadowBrokers and @wikileaks than for the @NSAGov ? …

— Steve Garvey (@artifactireland) May 15, 2017 from Twitter https://twitter.com/artifactireland May 15, 2017 at 08:44PM via IFTTT

Does any rational person believe that @WikiLeaks is a defender of truth, justice, and integrity? Does NE1 really think they're our friends?…

— Steve Garvey (@artifactireland) May 15, 2017 from Twitter https://twitter.com/artifactireland May 15, 2017 at 08:44PM via IFTTT

Critical: Patch Windows Against WannaCry https://t.co/7JVnSjXjXM https://t.co/iiTv6ybfxa IFTTT, Twitter

— Steve Garvey (@artifactireland) May 15, 2017 from Twitter https://twitter.com/artifactireland May 15, 2017 at 08:44PM via IFTTT

Critical: Patch Windows Against WannaCry https://t.co/7JVnSjXjXM

— Steve Garvey (@artifactireland) May 15, 2017 from Twitter https://twitter.com/artifactireland May 15, 2017 at 06:40PM via IFTTT

Thank you @MalwareTechBlog for your hard work. Hope you get some sleep! https://t.co/2l8JWcIDXV https://t.co/dUwGbJXg4K IFTTT, Twitter …

— Steve Garvey (@artifactireland) May 15, 2017 from Twitter https://twitter.com/artifactireland May 15, 2017 at 06:40PM via IFTTT

The Windows SMB Server patch to help protect against WannaCry is available here: https://t.co/Qluk96KW32 and here: https://t.co/EXF5332Ngs

— Steve Garvey (@artifactireland) May 15, 2017 from Twitter https://twitter.com/artifactireland May 15, 2017 at 06:18PM via IFTTT

Critical: Patch Windows Against WannaCry

A critical part of protecting against the WannaCry ransomware is making sure that you have Microsoft's Security Bulletin MS17-010 (also known as Security Update for Microsoft Windows SMB Server). Here's where to go to get it.

- Windows Vista, 7, 8, and 10: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- Windows Server 2008, 2008 R2, 2012, 2012 R2, and 2016: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- Windows XP (with SP3) x86: http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
- Windows Server 2003 x86: http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x86-custom-enu_f617caf6e7ee6f43abe4b386cb1d26b3318693cf.exe
- Windows Server 2003 x64: http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe

Thank you @MalwareTechBlog for your hard work. Hope you get some sleep! https://t.co/2l8JWcIDXV

— Steve Garvey (@artifactireland) May 15, 2017 from Twitter https://twitter.com/artifactireland May 15, 2017 at 02:44PM via IFTTT

Great article from ESET on how to stay protected from WannaCry and the like: https://t.co/UGMtFSAs9i

— Steve Garvey (@artifactireland) May 15, 2017 from Twitter https://twitter.com/artifactireland May 15, 2017 at 12:49PM via IFTTT

Windows10 Creator's Update

The #Windows10 Creator's Update is a good one. Goes on without hassle, has some nice new features, and has sorted out some printer gremlins. — Steve Garvey (@artifactireland) April 26, 2017 from Twitter https://twitter.com/artifactireland April 26, 2017 at 01:03AM via IFTTT

Acronis Snap Deploy Boot Disk Woes

A while back I ran into some issues trying to boot a client PC through Acronis SnapDeploy:
- v3 boot disk wouldn't see HDD but saw NIC
- v4 boot disk would see HDD but not NIC
- v4 PXE was same as above

Eventually I concluded that the driver for NIC on v3 boot disk was dodgy.

Solution:
- Download Windows AIK 1.6 for XP/Vista
- Install on Acronis machine.
- Build PE boot for PXE and add drivers for the NIC
- Boot from PXE

Not seeing YouTube thumbnails

I've encountered this issue a number of times at customer sites protected by good quality firewalls with web content filtering. The issue is that you can view a YouTube video but the thumbnails for the videos you want to watch don't show up in YouTube.  This makes browsing YouTube less than entertaining and a little tiresome. To resolve this issue you need to un-block or allow access to the following domain on your firewall: ytimg.com

Windows Updates not being found

One more thing regarding Windows Updates... In order for Windows updates to work properly your firewall must allow access to the following domains:
- download.microsoft.com
- ntservicepack.microsoft.com
- update.microsoft.com
- windowsupdate.com
- wustat.windows.com

Fix 0x000000A0 INTERNAL_POWER_ERROR issue

A while back I encountered a nasty little BSOD:

0x000000A0 INTERNAL_POWER_ERROR

After some digging I discovered that this seems to relate to the size of the Windows Hiberfile being less than 100% of the size of the system's RAM.

The fix is as follows:
- Open elevated Command Prompt
- Type "powercfg -hibernate -size 100" and hit Enter

Can't uninstall HP Client Security Manager

On certain models of HP ProBook one will encounter an error when trying to uninstall the HP Client Security Manager software.

Here is the solution:
- Disable the DVD/CD drive in Device Manager
- Uninstall HP Client Security Manager
- Reboot the laptop
- Then re-enable the DVD/CD drive

Resolving the Stuck on Checking for Updates issue in Windows 7

Lately I've been finding Windows Updates under Windows 7 to be a real pain.  One of the more common issues is where Windows gets stuck on checking for updates.  This can go on indefinitely.

The following steps often resolve the issue.  I say often because in some rare cases the issue can persist...
- Open an admin command prompt
- Enter "net stop wuauserv"
- Run KB3138612.msu
- Restart PC
- Open an admin command prompt
- Enter "net stop wuauserv"
- Run KB3102810.msu
- Enter "net stop wuauserv"
- Run KB3135445.msu
- Run WindowsUpdateDiagnostic.diagcab
- Run WindowsUpdateDiagnostic.diagcab again (must see everything fixed)
- Run Windows Update and check for updates

One last thing: always make sure you have the latest version of the Windows Update Client.